[prev in list] [next in list] [prev in thread] [next in thread]
List: fuzzing
Subject: Re: [fuzzing] Windows screensaver lock and lecturing
From: Thierry Zoller <Thierry () Zoller ! lu>
Date: 2007-08-31 20:21:41
Message-ID: 317444679.20070831222141 () Zoller ! lu
[Download RAW message or body]
Dear Gadi,
You should really reply to emails ;)
This is a typical "Send F1 to all open Windows" attack, I use it to
get System privs on broken drivers, F1 ist Help, if no HLP file is
referenced it will pop up a File Open dialog (*.hlp), browse to cmd.exe and
voila.
Now I don't know why this happens while unlocking the screen.
GE> I was giving a lecture at NPS yesterday, and while I was unlocking my laptop
GE> (XP), suddently, before unlocked, a File Open window pops up. I could browse,
GE> and more importantly, open files. The first choice of the system was .hlp.
GE> Can someone say pwnage? Anyone up to doing some monkey fuzzing on that
GE> interface?
GE> Gadi.
GE> _______________________________________________
GE> fuzzing mailing list
GE> fuzzing@whitestar.linuxbox.org
GE> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
_______________________________________________
fuzzing mailing list
fuzzing@whitestar.linuxbox.org
http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic